Fine-Grained Code Analysis for Processor Fuzzing
Paper
First seen 6/11/2026
Last seen 6/11/2026
Evidence 13 chunks
RELATIONSHIPS
50 connections
The paper uses a golden reference model (Spike) for differential checking.
The paper introduces a static analysis approach for extracting CFGs and dependencies from processor RTL designs.
The paper uses basic blocks as nodes in the CFG for dependency and coverage analysis.
The paper evaluates its approach on the Rocket Chip processor.
The paper uses mutation-based fuzzing as part of its fuzz loop.
The paper uses SMT solving via Z3 for dependency analysis satisfiability checking.
The paper extracts and uses CFGs from processor designs as heuristic information.
The paper manages and optimizes a seed corpus during the fuzz loop.
The paper uses FlattenRTL to flatten hierarchical RTL designs.
The paper introduces the dependency-aware heuristic for seed selection in processor fuzzing.
The paper addresses hardware fuzzing as the broader domain of its contribution.
The paper uses RISC-V processors as benchmarks.
The paper evaluates its approach on the BOOM processor.
The paper compares its results against ProcessorFuzz in branch coverage and bug discovery.
The paper uses branch coverage as the primary evaluation metric.
The paper applies data dependency analysis to hardware designs.
The paper leverages the white-box RTL model to extract internal logic and structural information.
The paper uses ISA templates to construct instruction sequences for simulation.
The paper uses Pyverilog for RTL parsing and analysis.
The paper uses Z3 SMT solver for dependency satisfiability checking.
The paper uses cocotb for RTL simulation.
The paper uses Verilator as the simulation backend.
The paper uses Spike as the golden reference model for differential testing.
The paper compares its branch coverage results against JasperGold formal verification tool.
The paper compares its approach against RFUZZ in a related work table.
The paper compares its approach against DifuzzRTL.
The paper compares its approach against TheHuzz.
The paper compares its approach against HyPFuzz.
The paper compares its approach against FormalFuzzer.
The paper discusses DAFL as an advanced software fuzzer that uses control flow and data dependency analysis.
The paper mentions differential fuzz testing as used by DifuzzRTL.
The paper mentions bounded model checking as a fully formal method with high computational cost.
The paper notes that recent hardware fuzzing has focused on grey-box methodologies.
The paper addresses functional verification of RTL processor designs.
The paper cites PSO-Fuzz as related work in processor fuzzing.
The paper mentions DirectFuzz as prior work using module connectivity graphs.
The paper is authored by Ziyue Zheng.
The paper mentions AFL fuzzer as inspiration for mutation operator scheduling.
The paper is authored by Zhi Qu.
The paper is authored by Yangdi Lyu.
The paper is from The Hong Kong University of Science and Technology (Guangzhou).
The paper introduces the frequency heuristic for prioritizing seeds that access rare branches.
The paper uses RTL flattening as a preprocessing step to simplify analysis.
The paper uses RTL symbolization to convert RTL into symbolic representations.
The paper uses SSA form for satisfiability checking during dependency analysis.
The paper uses seed corpus optimization within its fuzz loop.
The paper uses roulette wheel selection to pick seeds based on heuristic values.
The paper uses branch coverage instrumentation within the CFG construction step.
The paper analyzes and processes RTL designs as its primary input.
The paper employs coverage-guided fuzzing as its core test generation paradigm.